<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Kali Toolbox</title>
<script src="./static/bootstrap.min.js"></script>
<link rel="stylesheet" href="./static/main.css">
<link rel="stylesheet" href="./static/bootstrap.min.css">
<style type="text/css" id="syntaxhighlighteranchor"></style>
</head>
<main class="main-container ng-scope" ng-view="">
<div class="main receptacle post-view ng-scope">
<article class="entry ng-scope" ng-controller="EntryCtrl" ui-lightbox="">
<section class="entry-content ng-binding" ng-bind-html="postContentTrustedHtml">
<h2> creddump Package Description</h2><p style="text-align: justify;"> creddump is a Python tool that extracts various credentials and secrets from Windows registry hives. It currently extracts: </p><ul><li> LM and NT hashes (SYSKEY protected) </li><li>Cached domain passwords</li><li> LSA secrets</li></ul><p>It essentially performs all the functions that bkhive/samdump2, cachedump, and lsadump2 do, but in a platform-independent way. </p><p>It is also the first tool that does all of these things offline (actually, Cain &amp; Abel does too, but it is not open source and is only available on Windows). </p><p>Source: https://code.google.com/p/creddump/ </p><p> <a href="http://code.google.com/p/creddump" variation="deepblue" target="blank">creddump Homepage</a> | <a href="http://git.kali.org/gitweb/?p=packages/creddump.git;a=summary" variation="deepblue" target="blank">Kali creddump Repo</a> </p><ul><li>Author: Brendan Dolan-Gavitt </li><li>License: GPLv3</li></ul><h3>Tools included in the creddump package</h3><h5> cachedump - Dump cached credentials</h5><code>root@kali:~# cachedump<br>
usage: /usr/bin/cachedump &lt;system hive&gt; &lt;security hive&gt;</code><h3> lsadump - Dump LSA secrets</h3><code>root@kali:~# lsadump<br>
usage: /usr/bin/lsadump &lt;system hive&gt; &lt;security hive&gt;</code><h3> pwdump - Dump password hashes</h3><code>root@kali:~# pwdump<br>
usage: /usr/bin/pwdump &lt;system hive&gt; &lt;SAM hive&gt;</code><h3> pwdump Usage Example</h3><p>Dump the password hashes using the system <b><i>(system)</i></b> and SAM <b><i>(sam)</i></b> hives: </p><code>root@kali:~# pwdump system sam<br>
Administrator:500:41aa818b512a8c0e72381e4c174e281b:1896d0a309184775f67c14d14b5c365a:::<br>
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::<br>
HelpAssistant:1000:667d6c58d451dbf236ae37ab1de3b9f7:af733642ab69e156ba0c219d3bbc3c83:::<br>
SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:8dffa305e2bee837f279c2c0b082affb:::</code><h3> lsadump Usage Example</h3><p>Dump the LSA secrets using the system <b><i>(system)</i></b> and security <b><i>(security)</i></b> hives: </p><code>root@kali:~# lsadump system security <br>
_SC_ALG<br>
<br>
_SC_Dnscache<br>
<br>
_SC_upnphost<br>
<br>
20ed87e2-3b82-4114-81f9-5e219ed4c481-SALEMHELPACCOUNT<br>
<br>
_SC_WebClient<br>
<br>
_SC_RpcLocator<br>
<br>
0083343a-f925-4ed7-b1d6-d95d17a0b57b-RemoteDesktopHelpAssistantSID<br>
0000   01 05 00 00 00 00 00 05 15 00 00 00 B6 44 E4 23    .............D.#<br>
0010   F4 50 BA 74 07 E5 3B 2B E8 03 00 00                .P.t..;+....<br>
<br>
0083343a-f925-4ed7-b1d6-d95d17a0b57b-RemoteDesktopHelpAssistantAccount<br>
0000   45 00 4A 00 26 00 38 00 48 00 6F 00 31 00 49 00    E.J.&amp;.8.H.o.1.I.<br>
0010   68 00 53 00 63 00 72 00 48 00 6B 00 00 00          h.S.c.r.H.k...<br>
<br>
_SC_MSDTC<br>
<br>
_SC_SSDPSRV<br>
<br>
_SC_Alerter<br>
<br>
_SC_RpcSs<br>
<br>
_SC_LmHosts<br>
<br>
_SC_BthServ</code>
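<p>For reviewing pwdump output such as the four lines in the usage example above, the following added example (not part of creddump or of the original page) parses the <code>name:rid:lm:nt:::</code> records and flags accounts that still carry an LM hash or have a blank password. The names <code>parse_pwdump</code> and <code>audit</code> are hypothetical helpers introduced here.</p>

```python
import re

# Well-known hashes of the empty password. pwdump-style output also shows
# EMPTY_LM when no LM hash is stored for the account.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
RECORD = re.compile(r"^([^:]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):")

# The four lines printed by the pwdump usage example on this page.
SAMPLE = """\
Administrator:500:41aa818b512a8c0e72381e4c174e281b:1896d0a309184775f67c14d14b5c365a:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
HelpAssistant:1000:667d6c58d451dbf236ae37ab1de3b9f7:af733642ab69e156ba0c219d3bbc3c83:::
SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:8dffa305e2bee837f279c2c0b082affb:::
"""


def parse_pwdump(text):
    """Parse name:rid:lm:nt::: lines into (name, rid, lm, nt) tuples."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = RECORD.match(line.strip())
        if m is None:
            raise ValueError(f"line {lineno}: not a pwdump record")
        name, rid, lm, nt = m.groups()
        records.append((name, int(rid), lm.lower(), nt.lower()))
    return records


def audit(records):
    """Return {account name: [findings]}; an empty list means nothing flagged."""
    report = {}
    for name, _rid, lm, nt in records:
        findings = []
        if lm != EMPTY_LM:
            findings.append("LM hash stored")
        if nt == EMPTY_NT:
            # The pwdump format has no enabled/disabled flag; check that separately.
            findings.append("blank password")
        report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(parse_pwdump(SAMPLE)).items():
        print(f"{name:18} {', '.join(findings) or 'ok'}")
```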
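<p>The lsadump output above prints each secret as an offset/hex/ASCII dump. As an added example (not part of creddump or of the original page), the code below rebuilds the bytes of the <code>RemoteDesktopHelpAssistantSID</code> secret from that dump and decodes them as a binary Windows SID; its final sub-authority is the same RID, 1000, that pwdump lists for HelpAssistant. The function names are hypothetical.</p>

```python
import re
import struct

# lsadump output for the RemoteDesktopHelpAssistantSID secret, copied from
# the usage example on this page.
SAMPLE_DUMP = """\
0000   01 05 00 00 00 00 00 05 15 00 00 00 B6 44 E4 23    .............D.#
0010   F4 50 BA 74 07 E5 3B 2B E8 03 00 00                .P.t..;+....
"""

# Offset, then 1..16 hex pairs each followed by one space (or end of line).
# The ASCII column is set off by extra spaces, so the match stops before it.
ROW = re.compile(r"^([0-9A-Fa-f]{4})\s+((?:[0-9A-Fa-f]{2}(?: |$)){1,16})")


def hexdump_to_bytes(dump):
    """Rebuild the raw bytes from offset/hex/ASCII rows, checking offsets."""
    data = bytearray()
    for line in dump.splitlines():
        if not line.strip():
            continue
        m = ROW.match(line)
        if m is None or int(m.group(1), 16) != len(data):
            raise ValueError(f"unexpected hexdump row: {line!r}")
        data += bytes.fromhex(m.group(2))
    return bytes(data)


def decode_sid(blob):
    """Decode a binary Windows SID into its S-R-A-S1-S2-... string form."""
    if len(blob) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = blob[0], blob[1]
    if len(blob) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match blob length")
    authority = int.from_bytes(blob[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", blob[8:])      # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def rid_of(sid):
    """The last sub-authority is the relative ID (RID) of the account."""
    return int(sid.rsplit("-", 1)[1])


if __name__ == "__main__":
    sid = decode_sid(hexdump_to_bytes(SAMPLE_DUMP))
    print(sid, "RID", rid_of(sid))
```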
</main></body></html>
